On Tue, Sep 30, 2008 at 01:43:46PM -0400, Eric Martin wrote:
I have an outward facing ssh box at work that is currently being attacked. somebody's going through a dictionary attack of usernames; currently he or she is on abl. I can't block the IP Address because the ip is different with each username. Does anybody have any good ideas on how to stop this? I'm probably going to move the ssh port to some random high number to get rid of this, but I don't know yet if anybody else ssh's in besides me.
Thanks in advance
You could always just ignore it. Especially if you turn off password authentication and require users to use SSH RSA keys. Then no matter what dictionary attack it attempted, it will never work. I got sick of hearing my hard drive logging all the failed attempts and finally resorted to moving the SSH port.